
GDPR: Get Da Protection Right

During this intensive training day you will learn how to design, build and deploy GDPR-compliant applications. The training is created specifically for developers, with a strong focus on software security for frameworks such as Java, PHP, ASP.NET MVC and Angular, whether you use classic hosting or cloud platforms such as Amazon Web Services or Azure.

Program

09h00-09h30

About the GDPR

What is the GDPR and how does it affect your software development? Why does it matter for developers, and how can the requirements be met without the legal mumbo jumbo? We will discuss personal data (what is often called Personally Identifiable Information, PII; the GDPR itself uses the broader term "personal data"), where it can be found and how it gets attacked and leaked, using real-world examples.

09h30-10h45

OWASP Top 10

In this section we look at the OWASP Top 10 risks, with examples such as SQL Injection, Insecure Direct Object References (IDOR, today grouped under Broken Access Control) and Cross-Site Scripting (XSS).

We look not only at classic server-rendered web applications but also at Angular front-ends and the APIs behind them, because these entry points are often forgotten and can introduce serious flaws that lead to data leakage and break GDPR compliance.

10h45-11h00

Coffee break

11h00-12h30

OWASP Top 20

Besides the Top 10, OWASP maintains the Automated Threats to Web Applications project, whose handbook was updated at the beginning of 2018 and catalogues some twenty automated attacks (the OAT-nnn list). This is an important milestone because it names the attacks that are actually used at scale to harvest personal data: scraping (OAT-011), brute-force password guessing or credential cracking (OAT-007), account takeover through credential stuffing (OAT-008), .... We will take a look at the new additions and discuss every threat and the risk it poses.
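Credential cracking and credential stuffing look different in an access log: one source hammering a single account versus one source trying many accounts once each, sometimes followed by a successful login (the takeover). The following is an added example, not course material or ZIONSECURITY code, that runs a simple classifier over constructed log lines; the log format, the 401/200 status convention and the thresholds are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample of login attempts in a simplified access-log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 POST /login user=alice status=401
10.0.0.5 POST /login user=bob status=401
10.0.0.5 POST /login user=carol status=401
10.0.0.5 POST /login user=dave status=401
10.0.0.5 POST /login user=erin status=200
10.0.0.9 POST /login user=frank status=401
10.0.0.9 POST /login user=frank status=401
10.0.0.9 POST /login user=frank status=401
10.0.0.9 POST /login user=frank status=401
10.0.0.9 POST /login user=frank status=401
10.0.0.9 POST /login user=frank status=401
192.0.2.7 POST /login user=grace status=200
"""

LINE_RE = re.compile(r"^(?P<ip>\S+) POST /login user=(?P<user>\S+) status=(?P<status>\d{3})$")


def parse_login_events(log_text):
    """Return a list of (source_ip, username, http_status) tuples; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m["ip"], m["user"], int(m["status"])))
    return events


def classify_sources(events, min_failures=4, distinct_ratio=0.75):
    """Label source IPs that exceed a failure threshold (thresholds are assumed for the example).

    - failures spread over many distinct usernames -> credential stuffing (OAT-008)
    - failures concentrated on one or a few usernames -> credential cracking / brute force (OAT-007)
    """
    failed_users = defaultdict(list)
    for ip, user, status in events:
        if status == 401:
            failed_users[ip].append(user)

    verdicts = {}
    for ip, users in failed_users.items():
        if len(users) < min_failures:
            continue
        if len(set(users)) / len(users) >= distinct_ratio:
            verdicts[ip] = "credential_stuffing"
        else:
            verdicts[ip] = "credential_cracking"
    return verdicts


def likely_takeovers(events, verdicts):
    """Usernames that logged in successfully from a source flagged as credential stuffing.

    These accounts are candidates for a forced password reset and for the breach assessment
    the GDPR requires once personal data may have been accessed.
    """
    return {
        user
        for ip, user, status in events
        if status == 200 and verdicts.get(ip) == "credential_stuffing"
    }


if __name__ == "__main__":
    evts = parse_login_events(SAMPLE_LOG)
    v = classify_sources(evts)
    print(v)
    print(likely_takeovers(evts, v))
```

Rate limiting or a WAF rule keyed only on failures-per-account would miss the first source entirely, since it touches each account just once; this is why the handbook treats stuffing and cracking as separate threats with separate countermeasures.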

12h30-13h00

Lunch

13h00-14h30

Cryptography 101

Everybody agrees that cryptography matters for the GDPR: pseudonymisation and encryption of personal data are explicitly named as appropriate safeguards (Article 32). During this session we give a not-too-mathematical overview of symmetric encryption (AES), hashing (SHA-256), password hashing (PBKDF2) and how HTTPS/TLS combines these building blocks, followed by the typical attacks and flaws that occur when developers use cryptography themselves, such as unsalted or fast password hashes and non-constant-time comparisons.

In addition we discuss the HTTP security headers every web application should send (HSTS, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, ...) and how to test your own web stack for these weaknesses.
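The two practical points of this session, storing passwords with a salted slow hash instead of a bare SHA-256, and checking that a response carries the baseline security headers, can be shown in a few lines of standard-library Python. This is an added example, not course material or ZIONSECURITY code; the storage format, the header baseline and the two sample header sets are constructed for the example, and the 600,000-iteration default follows the OWASP Password Storage Cheat Sheet recommendation for PBKDF2-HMAC-SHA256.

```python
import base64
import hashlib
import hmac
import os

# OWASP Password Storage Cheat Sheet: 600,000 iterations for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, deliberately slow hash. Format (assumed): pbkdf2_sha256$<iter>$<salt b64>$<hash b64>."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    algo, iterations, salt_b64, dk_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, int(iterations), dklen=len(expected)
    )
    # hmac.compare_digest rather than ==: a plain comparison leaks timing information.
    return hmac.compare_digest(candidate, expected)


def weak_hash(password: str) -> str:
    """The anti-pattern: unsalted single SHA-256. Equal passwords give equal hashes,
    rainbow tables apply, and a GPU tests billions of candidates per second."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Minimum response-header baseline used by this example (assumed; tune per application).
HEADER_CHECKS = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "content-security-policy": lambda v: bool(v.strip()),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: bool(v.strip()),
}


def audit_security_headers(headers: dict) -> list:
    """Return a list of findings for one HTTP response; an empty list means the baseline is met."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, is_ok in HEADER_CHECKS.items():
        if name not in lower:
            findings.append("missing: " + name)
        elif not is_ok(lower[name]):
            findings.append("weak: %s=%r" % (name, lower[name]))
    server = lower.get("server", "")
    if any(ch.isdigit() for ch in server):
        findings.append("info leak: Server header reveals a version (%r)" % server)
    cookies = lower.get("set-cookie", [])
    if isinstance(cookies, str):
        cookies = [cookies]
    for cookie in cookies:
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs or "httponly" not in attrs:
            findings.append("cookie without Secure/HttpOnly: " + cookie.split("=", 1)[0])
    return findings


# Constructed sample responses for the audit.
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Server": "nginx",
    "Set-Cookie": "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
}
BAD_HEADERS = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Frame-Options": "ALLOW-FROM https://example.com",
    "Set-Cookie": "session=abc123; Path=/",
}
```

To audit a live host, feed the dictionary returned by your HTTP client (for example `requests.get(url).headers`) to `audit_security_headers`; the checks here are deliberately a floor, not a full CSP review.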

14h30-15h30

OAuth, SAML and JWT

Because implementations of OAuth, SAML and JSON Web Tokens (JWT) are riddled with flaws and misunderstandings, it is important to have a full overview of the protocols, the best practices and examples of bad implementations (unverified signatures, honouring the token's own "alg" header, tokens without expiry, ...). We also dive into business logic flaws and IDOR vulnerabilities and how to defend against exploits at every layer of your code: client-side JavaScript, front-end API, back-end server and database.
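The classic JWT mistake and the classic IDOR mistake are both authorisation decisions made on attacker-controlled input: a verifier that lets the token choose its algorithm, and a record lookup that never compares the record owner with the caller. The following is an added example, not course material or ZIONSECURITY code, implementing HS256 JWTs with the standard library only so the vulnerable and the hardened verifier can be compared side by side; the demo key, the record store and the claim names are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import time

DEMO_KEY = b"constructed-demo-key-not-for-production"  # assumed; use a random 32+ byte secret


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_jwt_hs256(claims: dict, key: bytes) -> str:
    """Issue a compact JWT signed with HMAC-SHA256."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def forge_alg_none(claims: dict) -> str:
    """What an attacker sends to a verifier that honours the header: alg=none, empty signature."""
    return _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(claims) + "."


def verify_jwt_insecure(token: str, key: bytes) -> dict:
    """VULNERABLE on purpose: the token's own header decides how it is verified."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") == "none":          # attacker-chosen: no signature check at all
        return json.loads(_b64url_decode(p))
    if header.get("alg") == "HS256":
        expected = hmac.new(key, (h + "." + p).encode("ascii"), hashlib.sha256).digest()
        if hmac.compare_digest(expected, _b64url_decode(s)):
            return json.loads(_b64url_decode(p))
    raise ValueError("bad signature")


def verify_jwt(token: str, key: bytes, now: float = None) -> dict:
    """Hardened: algorithm pinned by the server, signature checked before claims are used, exp enforced."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, (h + "." + p).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    now = time.time() if now is None else now
    if "exp" not in claims or claims["exp"] <= now:
        raise ValueError("expired or missing exp")
    return claims


# Constructed record store for the IDOR check: record id -> owner and personal data.
RECORDS = {
    101: {"owner": "alice", "data": "alice's home address"},
    102: {"owner": "bob", "data": "bob's home address"},
}


def get_record(claims: dict, record_id: int) -> str:
    """Back-end authorisation: the id from the URL is only honoured if the record belongs to the
    authenticated subject. Missing and foreign records get the same error, so the endpoint
    cannot be used to enumerate which ids exist."""
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != claims["sub"]:
        raise PermissionError("not found")
    return record["data"]


def raises(exc_type, fn, *args, **kwargs) -> bool:
    """Helper for the examples below: True if fn(*args) raises exc_type."""
    try:
        fn(*args, **kwargs)
    except exc_type:
        return True
    return False
```

With a real library the same rule applies: pass the accepted algorithm list to the decode call explicitly and never let the token supply it, and treat the subject claim, not a client-supplied user id, as the identity for every record lookup.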

15h30-15h45

Coffee break

15h45-16h30

Privacy by Design & Privacy by Default

Data protection by design and by default is an explicit obligation in the GDPR (Article 25). Using a threat modeling approach we design a threat model for a web application that stores personal data, discuss the threats and the related security risks, and work through countermeasures such as database encryption and data minimisation with the technologies in use. What is the ideal situation that is workable in practice and still GDPR compliant?

16h30-17h15

Securing non-compliant legacy apps

How can you improve the GDPR compliance of legacy applications without rewriting them? How do you implement breach detection and notification, given that the GDPR requires notifying the supervisory authority within 72 hours of becoming aware of a breach? We learn about Web Application Firewalls (WAF), Runtime Application Self-Protection (RASP), Security Information and Event Management (SIEM), and SecDevOps with vulnerability management and static analysis tools, ...

17h15-18h00

Blockchain and GDPR

We end the day by linking blockchain and the GDPR. What is blockchain, and how can it help, or not help, with compliance? This session gives a high-level overview of blockchain technology (distributed ledger, smart contracts, transaction logging, ...) and where it fits, including the tension between an immutable ledger and the right to erasure.


About

ZIONSECURITY is a market leader and well-known specialist in protecting web applications and web users.

We are a young and dynamic team consisting of a mix of web application and network security experts. This mix enables us to deliver high-quality custom projects to small, medium and large organisations. Discover our security solutions that protect your business value.